What is claimed is: 

1 . In a system having a pluraUty of host computers and a storage system 
having a plurality of portions which may be individually allocated to particular hosts and 
having a security management system to control access to such portions, and in which a 
negotiation among at least two of the hosts is used to determine access to a portion of the 
storage system, a method comprising: 

informing the security system of the negotiation; and 

restricting access to the portions to the host that acquired such access in the 

negotiation. 

2. A method as in claim 1 further comprising: 
detecting a change of conditions in at least one of the hosts; 
reallocating access to the at least one of the plurality of portions; 
informing the security system of the reallocation; and 

restricting access to the portion to the host that acquired such access in the 

reallocation. 

3. A method as in claim 2 wherein the condition comprises a fault 

condition. 

4. A method as in claim 1 wherein the storage system comprises a disk 
array and the portion comprises a voliune. 

5. A method as in claim 1 wherein the storage system comprises a storage 
area network and the portion comprises a volume. 

6. A method as in claim 1 further comprising: 
monitoring operations of the system; and 

in response to detection of a condition, restarting the negotiation among at 
least two of the hosts to detemiine access to the portion. 

7. A method as in claim 1 wherein the negotiation determines that one of 
the hosts is permitted to access the portion and the method further comprises denying access 
to all hosts other than the one permitted to access the portion. 
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8. A storage system operable in response to commands from a first host 
and a second host to store and retrieve information from the storage system, the storage 
system including a security management system comprising: 

an authorization system responsive to an initialization procedure performed by 
the first host in communication with the second host to allocate access to a portion of the 
storage system, the authorization system permitting access to that portion of the storage 
system only in accordance with the initialization procedure. 

9. A storage system as in claim 8 wherein the authorization system is 
further responsive to a condition occurring in one of the first host and the second host to 
reallocate access to the portion of the storage system. 

10. A storage system as in claim 8 wherein the storage system comprises a 
disk array and the portion comprises a volume, and the disk array includes a plurality of 
volumes. 

11. A storage system as in claim 10 further comprising a security 
configuration information storage for storing information describing which of the first host 
and the second host is permitted to access each of the plurality of volumes. 

12. A storage system as in claim 8 wherein the storage system comprises a 
disk array and the portion comprises a part of the disk array defined by a logical vmt number, 
and the disk array includes a plurality of portions identified by logical imit numbers. 

13. A storage system as in claim 12 further comprising a security 
configuration information storage for storing information describing which of the first host 
and the second host is permitted to access each of the plurality of portions identified by 
logical unit numbers. 

14. A storage system as in claim 8 wherein the storage system is coupled 
to the first host and the second host by at least one of a data link, a network, and a switch. 

15. In a system including a first host and a second host, a storage system 
coupled to each of the first host and the second host, the storage system comprising: 

a plurality of individually addressable units of storage; and 
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a security management subsystem for controlling access to each of the 
individually addressable units of storage based upon an identification of the first host and the 
second host. 

16. A system as in claim 15 wherein the security management subsystem 
stores information in the storage system identifying for each of the plurality of individually 
addressable units of storage which hosts are permitted to access each such unit and which 
hosts are not permitted to access each such unit. 

17. A system as in claim 16 wherein the information is stored in a table in 
the storage system. 

18. A system as in claim 15 wherein access to each of the individually 
addressable units of storage is determined during an initialization procedure. 

19. A system as in claim 18 wherein the initialization procedure is 
performed by a cluster management system on the hosts, and the hosts communicate with 
each other during such initialization. 

20. A system as in claim 19 wherein upon completion of the initialization 
procedure a message is sent to a volume security control subsystem. 

21 . A system as in claim 20 wherein the volume security control 
subsystem is located in each of the hosts. 

22. A system as in claim 20 wherein the volume security control 
subsystem is located in a storage manager coupled to the hosts. 

23. A system as in claim 20 wherein the volume security control 
subsystem communicates with the security management subsystem to define access rights for 
each of the hosts to each of the individually addressable units of storage. 

24. A system as in claim 15 wherein the storage system comprises a 
storage area network. 

25. In a system having a plurality of host computers and a storage system 
having a plurality of logical units, wherein each of the logical volumes can be accessed only 



10 



by one or more host computers having ownership of the logical volume, a method 
comprising: 

providing ownership for a first logical unit to a primary host computer; 
if a problem occurs in the primary host computer, taking over, at a second host 
computer, processing of the primary host computer; and 

changing the ownership for the first logical unit to the second host computer. 
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